CVE List - 2024 / May
Showing 1 - 100 of 4994 CVEs for May 2024 (Page 1 of 50)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-26793 | 2024-05-01 | libmodbus v3.1.10 has a heap-based buffer overflow vulnerability in read_io_status function in src/modbus.c. |
| CVE-2023-46294 | 2024-05-01 | An issue was discovered in Teledyne FLIR M300 2.00-19. User account passwords are encrypted locally, and can be decrypted to cleartext passwords using the utility umSetup. This utility requires root... |
| CVE-2023-46295 | 2024-05-01 | An issue was discovered in Teledyne FLIR M300 2.00-19. Unauthenticated remote code execution can occur in the web server. An attacker can exploit this by sending a POST request to... |
| CVE-2024-22830 | 2024-05-01 | Anti-Cheat Expert's Windows kernel module "ACE-BASE.sys" version 1.0.2202.6217 does not perform proper access control when handling system resources. This allows a local attacker to escalate privileges from regular user to... |
| CVE-2024-24312 | 2024-05-01 | SQL injection vulnerability in Vaales Technologies V_QRS v.2024-01-17 allows a remote attacker to obtain sensitive information via the Models/UserModel.php component. |
| CVE-2024-24313 | 2024-05-01 | An issue in Vaales Technologies V_QRS v.2024-01-17 allows a remote attacker to obtain sensitive information via the Models/FormModel.php and QRModel.php component. |
| CVE-2024-25355 | 2024-05-01 | s3-url-parser 1.0.3 is vulnerable to Denial of service via the regexes component. |
| CVE-2024-25458 | 2024-05-01 | An issue in CYCZCAM, SHIX ZHAO, SHIXCAM A9 Camera (circuit board identifier A9-48B-V1.0) firmware v.CYCAM_48B_BC01_v87_0903 allows a remote attacker to obtain sensitive information via a crafted request to a UDP... |
| CVE-2024-26504 | 2024-05-01 | An issue in Wifire Hotspot v.4.5.3 allows a local attacker to execute arbitrary code via a crafted payload to the dst parameter. |
| CVE-2024-30176 | 2024-05-01 | In Logpoint before 7.4.0, an attacker can enumerate a valid list of usernames by using publicly exposed URLs of shared widgets. |
| CVE-2024-32210 | 2024-05-01 | The LoMag WareHouse Management application version 1.0.20.120 and older were to utilize hard-coded passwords by default for forms and SQL connections. |
| CVE-2024-32211 | 2024-05-01 | An issue in LOGINT LoMag Inventory Management v1.0.20.120 and before allows a local attacker to obtain sensitive information via the UserClass.cs and Settings.cs components. |
| CVE-2024-32212 | 2024-05-01 | SQL Injection vulnerability in LOGINT LoMag Inventory Management v1.0.20.120 and before allows an attacker to execute arbitrary code via the ArticleGetGroups, DocAddDocument, ClassClickShop and frmSettings components. |
| CVE-2024-32213 | 2024-05-01 | The LoMag WareHouse Management application version 1.0.20.120 and older were found to allow weak passwords. By default, hard-coded passwords of 10 characters with little or no complexity are allowed. |
| CVE-2024-33078 | 2024-05-01 | Tencent Libpag v4.3 is vulnerable to Buffer Overflow. A user can send a crafted image to trigger a overflow leading to remote code execution. |
| CVE-2024-33292 | 2024-05-01 | SQL Injection vulnerability in Realisation MGSD v.1.0 allows a remote attacker to obtain sensitive information via the id parameter. |
| CVE-2024-33300 | 2024-05-01 | Typora v1.0.0 through v1.7 version (below) Markdown editor has a cross-site scripting (XSS) vulnerability, which allows attackers to execute arbitrary code by uploading Markdown files. |
| CVE-2024-33304 | 2024-05-01 | SourceCodester Product Show Room 1.0 is vulnerable to Cross Site Scripting (XSS) via "Last Name" under Add Users. |
| CVE-2024-33306 | 2024-05-01 | SourceCodester Laboratory Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via "First Name" parameter in Create User. |
| CVE-2024-33393 | 2024-05-01 | An issue in spidernet-io spiderpool v.0.9.3 and before allows a local attacker to execute arbitrary code via a crafted command to get the token component. |
| CVE-2024-33423 | 2024-05-01 | Cross-Site Scripting (XSS) vulnerability in the Settings menu of CMSimple v5.15 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Logout parameter under... |
| CVE-2024-33424 | 2024-05-01 | A cross-site scripting (XSS) vulnerability in the Settings menu of CMSimple v5.15 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Downloads parameter... |
| CVE-2024-33428 | 2024-05-01 | Buffer-Overflow vulnerability at conv.c:68 of stsaz phiola v2.0-rc22 allows a remote attacker to execute arbitrary code via the a crafted .wav file. |
| CVE-2024-33429 | 2024-05-01 | Buffer-Overflow vulnerability at pcm_convert.h:513 of phiola v2.0-rc22 allows a remote attacker to execute arbitrary code via a crafted .wav file. |
| CVE-2024-33430 | 2024-05-01 | An issue in phiola/src/afilter/pcm_convert.h:513 of phiola v2.0-rc22 allows a remote attacker to execute arbitrary code via the a crafted .wav file. |
| CVE-2024-33431 | 2024-05-01 | An issue in phiola/src/afilter/conv.c:115 of phiola v2.0-rc22 allows a remote attacker to cause a denial of service via a crafted .wav file. |
| CVE-2024-33442 | 2024-05-01 | An issue in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via the add_post.php component. |
| CVE-2024-33763 | 2024-05-01 | lunasvg v2.3.9 was discovered to contain a stack-buffer-underflow at lunasvg/source/layoutcontext.cpp. |
| CVE-2024-33766 | 2024-05-01 | lunasvg v2.3.9 was discovered to contain an FPE (Floating Point Exception) at blend_transformed_tiled_argb.isra.0. |
| CVE-2024-33768 | 2024-05-01 | lunasvg v2.3.9 was discovered to contain a segmentation violation via the component composition_solid_source_over. |
| CVE-2024-33775 | 2024-05-01 | An issue with the Autodiscover component in Nagios XI 2024R1.01 allows a remote attacker to escalate privileges via a crafted Dashlet. |
| CVE-2024-33820 | 2024-05-01 | Totolink AC1200 Wireless Dual Band Gigabit Router A3002R_V4 Firmware V4.0.0-B20230531.1404 is vulnerable to Buffer Overflow via the formWlEncrypt function of the boa server. Specifically, they exploit the length of the... |
| CVE-2024-33835 | 2024-05-01 | Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the remoteIp parameter from formSetSafeWanWebMan function. |
| CVE-2023-23021 | 2024-05-01 | Cross Site Scripting (XSS) vulnerability in sourcecodester oretnom23 pos point sale system 1.0, allows attackers to execute arbitrary code via the code, name, and description inputs in file Main.php. |
| CVE-2023-23022 | 2024-05-01 | Cross site scripting (XSS) vulnerability in sourcecodester oretnom23 employee's payroll management system 1.0, allows attackers to execute arbitrary code via the code, title, from_date and to_date inputs in file Main.php. |
| CVE-2024-25676 | 2024-05-01 | An issue was discovered in ViewerJS 0.5.8. A script from the component loads content via URL TAGs without properly sanitizing it. This leads to both open redirection and out-of-band resource... |
| CVE-2024-33307 | 2024-05-01 | SourceCodester Laboratory Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via "Last Name" parameter in Create User. |
| CVE-2024-33764 | 2024-05-01 | lunasvg v2.3.9 was discovered to contain a stack-overflow at lunasvg/source/element.h. |
| CVE-2024-33767 | 2024-05-01 | lunasvg v2.3.9 was discovered to contain a segmentation violation via the component composition_solid_source. |
| CVE-2024-28978 | 2024-05-01 | Dell OpenManage Enterprise, versions 3.10 and 4.0, contains an Improper Access Control vulnerability. A high privileged remote attacker could potentially exploit this vulnerability, leading to unauthorized access to resources. |
| CVE-2024-28979 | 2024-05-01 | Dell OpenManage Enterprise, versions 4.1.0 and older, contains an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. A high privileged attacker with remote access could potentially exploit... |
| CVE-2023-52647 | 2024-05-01 | media: nxp: imx8-isi: Check whether crossbar pad is non-NULL before access |
| CVE-2023-52648 | 2024-05-01 | drm/vmwgfx: Unmap the surface before resetting it on a plane state |
| CVE-2024-26930 | 2024-05-01 | scsi: qla2xxx: Fix double free of the ha->vp_map pointer |
| CVE-2024-26931 | 2024-05-01 | scsi: qla2xxx: Fix command flush on cable pull |
| CVE-2024-26932 | 2024-05-01 | usb: typec: tcpm: fix double-free issue in tcpm_port_unregister_pd() |
| CVE-2024-26933 | 2024-05-01 | USB: core: Fix deadlock in port "disable" sysfs attribute |
| CVE-2024-26934 | 2024-05-01 | USB: core: Fix deadlock in usb_deauthorize_interface() |
| CVE-2024-26935 | 2024-05-01 | scsi: core: Fix unremoved procfs host directory regression |
| CVE-2024-26937 | 2024-05-01 | drm/i915/gt: Reset queue_priority_hint on parking |
| CVE-2024-26938 | 2024-05-01 | drm/i915/bios: Tolerate devdata==NULL in intel_bios_encoder_supports_dp_dual_mode() |
| CVE-2024-26939 | 2024-05-01 | drm/i915/vma: Fix UAF on destroy against retire race |
| CVE-2024-26940 | 2024-05-01 | drm/vmwgfx: Create debugfs ttm_resource_manager entry only if needed |
| CVE-2024-26941 | 2024-05-01 | drm/dp: Fix divide-by-zero regression on DP MST unplug with nouveau |
| CVE-2024-26942 | 2024-05-01 | net: phy: qcom: at803x: fix kernel panic with at8031_probe |
| CVE-2024-26943 | 2024-05-01 | nouveau/dmem: handle kcalloc() allocation failure |
| CVE-2024-26944 | 2024-05-01 | btrfs: zoned: fix use-after-free in do_zone_finish() |
| CVE-2024-26945 | 2024-05-01 | crypto: iaa - Fix nr_cpus < nr_iaa case |
| CVE-2024-26946 | 2024-05-01 | kprobes/x86: Use copy_from_kernel_nofault() to read from unsafe address |
| CVE-2024-26947 | 2024-05-01 | ARM: 9359/1: flush: check if the folio is reserved for no-mapping addresses |
| CVE-2024-26948 | 2024-05-01 | drm/amd/display: Add a dc_state NULL check in dc_state_release |
| CVE-2024-26949 | 2024-05-01 | drm/amdgpu/pm: Fix NULL pointer dereference when get power limit |
| CVE-2024-26950 | 2024-05-01 | wireguard: netlink: access device through ctx instead of peer |
| CVE-2024-26951 | 2024-05-01 | wireguard: netlink: check for dangling peer via is_dead instead of empty list |
| CVE-2024-26952 | 2024-05-01 | ksmbd: fix potencial out-of-bounds when buffer offset is invalid |
| CVE-2024-26953 | 2024-05-01 | net: esp: fix bad handling of pages from page_pool |
| CVE-2024-26954 | 2024-05-01 | ksmbd: fix slab-out-of-bounds in smb_strndup_from_utf16() |
| CVE-2024-26955 | 2024-05-01 | nilfs2: prevent kernel bug at submit_bh_wbc() |
| CVE-2024-26956 | 2024-05-01 | nilfs2: fix failure to detect DAT corruption in btree and direct mappings |
| CVE-2024-26957 | 2024-05-01 | s390/zcrypt: fix reference counting on zcrypt card objects |
| CVE-2024-26958 | 2024-05-01 | nfs: fix UAF in direct writes |
| CVE-2024-26959 | 2024-05-01 | Bluetooth: btnxpuart: Fix btnxpuart_close |
| CVE-2024-26960 | 2024-05-01 | mm: swap: fix race between free_swap_and_cache() and swapoff() |
| CVE-2024-26961 | 2024-05-01 | mac802154: fix llsec key resources release in mac802154_llsec_key_del |
| CVE-2024-26962 | 2024-05-01 | dm-raid456, md/raid456: fix a deadlock for dm-raid456 while io concurrent with reshape |
| CVE-2024-26963 | 2024-05-01 | usb: dwc3-am62: fix module unload/reload behavior |
| CVE-2024-26964 | 2024-05-01 | usb: xhci: Add error handling in xhci_map_urb_for_dma |
| CVE-2024-26965 | 2024-05-01 | clk: qcom: mmcc-msm8974: fix terminating of frequency table arrays |
| CVE-2024-26966 | 2024-05-01 | clk: qcom: mmcc-apq8084: fix terminating of frequency table arrays |
| CVE-2024-26967 | 2024-05-01 | clk: qcom: camcc-sc8280xp: fix terminating of frequency table arrays |
| CVE-2024-26968 | 2024-05-01 | clk: qcom: gcc-ipq9574: fix terminating of frequency table arrays |
| CVE-2024-26969 | 2024-05-01 | clk: qcom: gcc-ipq8074: fix terminating of frequency table arrays |
| CVE-2024-26970 | 2024-05-01 | clk: qcom: gcc-ipq6018: fix terminating of frequency table arrays |
| CVE-2024-26971 | 2024-05-01 | clk: qcom: gcc-ipq5018: fix terminating of frequency table arrays |
| CVE-2024-26973 | 2024-05-01 | fat: fix uninitialized field in nostale filehandles |
| CVE-2024-26974 | 2024-05-01 | crypto: qat - resolve race condition during AER recovery |
| CVE-2024-26975 | 2024-05-01 | powercap: intel_rapl: Fix a NULL pointer dereference |
| CVE-2024-26976 | 2024-05-01 | KVM: Always flush async #PF workqueue when vCPU is being destroyed |
| CVE-2024-26977 | 2024-05-01 | pci_iounmap(): Fix MMIO mapping leak |
| CVE-2024-26978 | 2024-05-01 | serial: max310x: fix NULL pointer dereference in I2C instantiation |
| CVE-2024-26936 | 2024-05-01 | ksmbd: validate request buffer size in smb2_allocate_rsp_buf() |
| CVE-2024-26980 | 2024-05-01 | ksmbd: fix slab-out-of-bounds in smb2_allocate_rsp_buf |
| CVE-2024-26981 | 2024-05-01 | nilfs2: fix OOB in nilfs_set_de_type |
| CVE-2024-26982 | 2024-05-01 | Squashfs: check the inode number is not the invalid value of zero |
| CVE-2024-26983 | 2024-05-01 | bootconfig: use memblock_free_late to free xbc memory to buddy |
| CVE-2024-26984 | 2024-05-01 | nouveau: fix instmem race condition around ptr stores |
| CVE-2024-26985 | 2024-05-01 | drm/xe: Fix bo leak in intel_fb_bo_framebuffer_init |
| CVE-2024-26986 | 2024-05-01 | drm/amdkfd: Fix memory leak in create_process failure |
| CVE-2024-26987 | 2024-05-01 | mm/memory-failure: fix deadlock when hugetlb_optimize_vmemmap is enabled |
| CVE-2024-26988 | 2024-05-01 | init/main.c: Fix potential static_command_line memory overflow |